The Consent Template CT003 finalized by the Lending Use Case Council provides a structured framework for obtaining consent from borrowers to monitor their financial activities, ensuring alignment with industry best practices.
This consent template also requires the implementation of the following Codes of Conduct and Technical Guardrails to promote consumer privacy. The Technical Guardrails recommended by the Use Case Council are as follows:
| Technical Guardrail | Responsibility |
|---|---|
| FIU to provide disclosure (as a part of the purpose text) that monitoring consent will be activated only if the loan is disbursed. | FIU will implement the standardized Purpose text as per the CT003 in their consent request, and later this would be automated as a part of Sahamati’s Fair Use System |
| FIU to ensure, technically, that data against monitoring consent will get pulled only if a loan is active | FIU will be responsible for configuring their back-end systems to ensure this |
| At the end of the journey of a rejected/prepaid customer (purpose fulfilled), the customer shall compulsorily be provided an option to revoke monitoring consent | FIU to present a redirection link to the AA page/app for the customer to revoke consent live (as a best practice) or through any other communication channel (in case of non-STP journeys) |
| To ensure that customers are informed about their data being accessed due to prior monitoring consent, consumers should be regularly notified of data pulls and active consents. | AA to provide regular notifications to consumers via appropriate communication channels. Frequency to be discussed/decided with the AA Steering Group |
| Last published | 17th May 2024 |
Please find below the parameters for AA Consent Template ID CT003 as finalized by the Lending Use Case Council:
| Consent Template Information / Attributes | Description / Upperbounds |
|---|---|
| Consent Template ID | CT003 |
| Status | Active |
| Use Case Category | Account Monitoring |
| Use case | Monitoring a borrower’s account to verify loan repayment capability |
| License types considered | Bank, NBFC, HFC |
| Purpose Text (for customers) | To monitor borrower’s account to verify loan repayment capability, subject to loan activation |
| Purpose Text (as per ReBIT) | Explicit consent for monitoring of the accounts |
| Purpose Code | 104 |
| Purpose Code Category Name | Financial Reporting |
| FI Types | All RBI and SEBI FI Types, GSTN |
| Consent Types | Profile, Summary, Transactions |
| Fetch-type | Periodic |
| Maximum Frequency | 5 times per month |
| Maximum FI Data Range | 6 months |
| Maximum Consent expiry | Coterminous with loan tenure |
| Maximum Data Life | 1 Month |
| Last published on: | 17th May 2024 |
Note: Loan underwriting and Loan monitoring are two different purposes, and hence, two distinct consents should be sought for these two processes. (Code of Conduct on the same is published here)
Please note that the parameters of the individual consent templates in the Consent Template Library represent upper bounds for the respective use cases, as decided in the relevant User Councils. The parameters in the consent templates should be treated by participant(s) as outer limit(s) and not be construed as legal advice in any manner. Participants are encouraged to review their use case(s) and ensure compliance with applicable laws, including the RBI Master Directions on NBFC-AA and the DPDP Act.
Sahamati will publish additional consent templates as the AA ecosystem evolves based on discussions in the relevant Use Case Councils and the Fair Use Committee. Existing consent templates may also be revised based on statutory and regulatory guidance, including the DPDP Act and the Rules issued thereunder.
